>This means PCs will use Windows Hello face authentication, fingerprints, or a PIN code. The password option will simply disappear from the login screen, if you decide to opt-in to this new “make your device passwordless” feature.
All bad ideas imho. How is a pin different than a password? "face authentication" has never been accurate for people of color afaik. I cant stand Win10, forced to use it at work but I will never use it for any of my personal computers until they remove the phone-home-back-door-ability and the many more dumb and silly features.
PINs are encouraged because when a password is used, it is the user's microsoft account password. By not entering this password publicly, it increases the security of the microsoft account.
That's just making the user need _more_ passwords, and will result in bad password mangement and lost access. Also pins are quite a bit easier to shoulder surf, so this is just nuts.
Specifically, how is a pin which is usually shorter, more secure than a password? Or how is it different from a password if it has the same characteristics?
Edit: to me it seems like microsoft is using a password for their cloud account, and a rebranded password for offline access.
The PIN is used to unlock a private key in the hardware TPM module. The private key is then used unlock the account. The PIN is more secure because it's really just an unlock code for a hardware private key. It's the private key doing the hard work of unlocking the local account (and even unlocking secure access to the cloud account without password entry). The PIN is only sent to the TPM on that device (and the TPM is built so that it only accepts PINs physically entered on that device, lock outs after bad attempts, etc) and only used to unlock that private key and not stored anywhere else or sent over wire to any other machine.
It changes the threat model from "knows password" to "knows PIN and has physical access to user's device".
ETA: Something the article should probably have better underscored was Microsoft was specifically talking about "Windows Hello" PIN entry rather than PIN usage in general.
“The PIN is more secure because it's really just an unlock code for a hardware private key.” so it is a password for the hardware private key. But rebranded as a pin so microsoft sounds as if it does something to innovate.
It's not really a rebranding because the use of the word PIN here is closer to (and derived from) the use of a PIN in the older, traditional multi-factor sense where for instance a bank card PIN only worked with the associated bank card present. PIN versus Password has almost always implied this sort of multi-factor distinction, and Microsoft if anything is just reusing an old term for what it was meant for.
Presumably because people are less likely to think a PIN "secure" and "unguessable", and ironically are more likely to protect it (and actually remember it without writing it down). In general, people are really bad at passwords and password security. Microsoft here are taking the stance that the only good password is no password at all. There is a (weird) psychological difference between passwords and PINs.
(Also, it doesn't have to be a PIN, it can be biometrics if you prefer.)
Most importantly, the PIN is used to unlock a private key in the hardware TPM module: it's the private key that is the real password for the account at that point. The PIN is never sent over the wire anywhere (no server knows it, it isn't even on the local hard-drive, it's just a TPM unlock code), it simply unlocks that key and it is that device key that is then used to unlock everything else.
(Same for Windows Hello whether faceprint or thumbprint or what have you: the biometrics just unlock the local TPM key, they are never shared outside of that device and its relationship with the local TPM.)
15 comments
[ 7.8 ms ] story [ 43.5 ms ] threadAll bad ideas imho. How is a pin different than a password? "face authentication" has never been accurate for people of color afaik. I cant stand Win10, forced to use it at work but I will never use it for any of my personal computers until they remove the phone-home-back-door-ability and the many more dumb and silly features.
Worst part is, I recently installed Windows and it FORCED me to use a PIN until I finished setup and went back into the settings to disable it.
Why does Microsoft think passwords and consumer choice are going out of style?
Edit: to me it seems like microsoft is using a password for their cloud account, and a rebranded password for offline access.
It changes the threat model from "knows password" to "knows PIN and has physical access to user's device".
ETA: Something the article should probably have better underscored was Microsoft was specifically talking about "Windows Hello" PIN entry rather than PIN usage in general.
(Also, it doesn't have to be a PIN, it can be biometrics if you prefer.)
That is, the user has a very limited number of tries after which, only the password will unlock it.
Then of course, great care must be taken to disallow resetting those number of tries.
(Same for Windows Hello whether faceprint or thumbprint or what have you: the biometrics just unlock the local TPM key, they are never shared outside of that device and its relationship with the local TPM.)
Because the prevailing wisdom of the current tech industry is that users are cattle to be farmed?
Good question. I wondered the same when I noticed you can enable using an "alphanumeric pin" which happens to be the same as your password.